
Solving The Top 5 GDPR Challenges: Accelerating your GDPR Program



  1. Solving The Top 5 GDPR Challenges: Accelerating your GDPR Program

  2. About Bill Bradley: Bill Bradley, Director, Product Marketing. Leads Product Marketing for Data Loss Prevention. ~20 years of marketing & sales experience (Field Sales, Competitive Analysis, Product Marketing & Management). Previously at Rapid7 and General Electric.

  3. About Martin Sugden: Martin Sugden, CEO of Boldon James. Oversees commercial strategy and product development across Boldon James’ diverse range of software security products. 20+ years experience in the Security Industry and led the Management Buyout (MBO) of Boldon James and the subsequent sale to QinetiQ Plc in 2007.


  5. Technology, People, Process


  7. Agenda: 1. Introduction; 2. GDPR in 30 Seconds; 3. Top 5 Challenges; 4. Challenges, Solutions, Benefits; 5. About Digital Guardian & Boldon James; 6. Questions

  8. GDPR in 30 Seconds: Data protection law harmonization; Effective: May, 2018; Personal data protection for, or about, EU citizens; Breach response protocol; Global reach; New penalties for breach


  10. Top 5 Challenges: 1. EU Citizen: The New Data Owner; 2. Confidentiality & Sensitive Data Protection; 3. Notification Requirement; 4. Privacy by Design & Default; 5. Data Protection Officer

  11. EU Citizen: The New Data Owner (Challenge 1): “…controller shall take appropriate measures to provide any information …and any communication…relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language… without undue delay”

  12. EU Citizen: The New Data Owner (Challenge 1), Under New Management. Challenges: Opt-in vs opt-out consent; Layers of consent; Consent terminology; Right to be forgotten; Right to access; Data portability

  13. EU Citizen: The New Data Owner (Challenge 1), Under New Management. Steps to Resolve. People: • Changing behaviors around data collection, use • Consent. Process: • Means to address inquiries • Limits on what is collected • Data lifecycle management. Technology: • Find GDPR data • Classify GDPR data • Track GDPR data • Confirm where GDPR data isn’t

  14. Confidentiality & Sensitive Data Protection (Challenge 2): “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”

  15. Confidentiality & Sensitive Data Protection (Challenge 2). Challenges: Specificity; Transparency; Accuracy; Confidentiality & integrity; Expiration Date; Documented

  16. Confidentiality & Sensitive Data Protection (Challenge 2). Steps to Resolve (People, Process, Technology): • Education & awareness • Rules around processing, disseminating • Visibility • Asking the right questions • Analytics • Controls • Minimizing data • DPO accountability • Encryption • DPO empowerment • Pseudonymization

  17. Notification Requirement (Challenge 3): “In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority…”

  18. Notification Requirement (Challenge 3). Challenges: Scope unknown; Containment unknown; Quick turn; Eradication of threat unknown; Solutions unknown

  19. Notification Requirement (Challenge 3). Steps to Resolve. People: • Technical • Non-technical. Process: • Incident response plan • Data minimization • Data lifecycle management. Technology: • Detection • Containment • Neutralization • Forensics

  20. Privacy by Design & Default (Challenge 4): “When developing, designing, selecting and using applications, services and products …take into account the right to data protection …with due regard to the state of the art, to make sure that controllers and processors are able to fulfil their data protection obligations.”

  21. Privacy by Design & Default (Challenge 4). Challenges: The final hurdle vs the 1st stop; Limit to current need; Limit access; Proof of secure design and default

  22. Privacy by Design & Default (Challenge 4). Steps to Resolve. People: • Changing behavior • The right questions. Process: • Incorporate into existing • Over communicate initially. Technology: • Flag GDPR data upon creation • Automated controls

  23. Data Protection Officer (Challenge 5): “The controller and the processor shall designate a data protection officer …”

  24. Data Protection Officer (Challenge 5): “75,000 Data Protection Officers Needed By 2018 To Handle EU Law.” - DARKReading. Challenges: Staffing shortage; Immediate need; Organizational change; Position role for success; Power shift

  25. Data Protection Officer (Challenge 5): “75,000 Data Protection Officers Needed By 2018 To Handle EU Law.” - DARKReading. Steps to Resolve (People, Process, Technology): • Acting DPO today • Define the role • Visibility • Define the hierarchy • Analytics • Controls

  26. Digital Guardian for Your 5 Challenges. EU Citizen: The New Data Owner: • Find the data • Understand the data • Protect the data. Confidentiality & Sensitive Data Protection: • Visibility into extended enterprise • Highlight risks to the most sensitive data. Notification Requirement: • Threat aware data protection • Incident response program. • Stop data loss before compliance violations

  27. Digital Guardian for Your 5 Challenges. Privacy by Design: • Immediate visibility • Data aware security • Automated responses. Data Protection Officer: • Support compliance and security • Document compliance posture • Track improvement

  28. Founded 2002 to protect all data against theft; Began with protecting IP on the endpoint - the most challenging use case; Simplified compliance and cloud data protection with DG appliance; Launched industry’s first Managed Security Program for DLP; Only security company 100% focused on protecting sensitive data from loss or theft. #1 IP Protection

  29. Digital Guardian’s choice for comprehensive user classification capabilities. Boldon James: • Proven technology platform and integrations – over 35 best-of-breed technology partners, including Digital Guardian • Owned by QinetiQ Plc - $2bn defence & security technology business • Global presence, local support across US, South America, EMEA and APAC • A Data Classification Market leader – wide range of data classification products supporting Windows, Mac & Citrix

  30. Threat Aware Data Protection. Deepest Visibility: • Network • Endpoint • Cloud • Databases/Shares • Structured and Unstructured Data. Real-Time Analytics: • Filters out the noise • Accelerates Compliance & Security Initiative • Documents Compliance Posture to Auditors and Management Team. Flexible Controls: • Automatically protects sensitive data • Don’t impede business • Enforceable on all OS’s • Across network, storage, cloud and endpoints


  32. Summary: GDPR Go Live Date May 2018; Blend of People, Process, and Technology to Succeed; Digital Guardian Visibility, Analytics, and Controls • Demonstrate GDPR Compliance • Support Data Security

  33. How Prepared Are You? Contact Digital Guardian to see if you qualify for a complimentary GDPR Data Risk Assessment. Provides custom reporting and analysis for your organization so you better understand: • Where Personal Data Resides • How Personal Data Flows • Who Processes Personal Data • And more… Click Here To Inquire About Our GDPR Data Risk Assessment

  34. Thank You. Any questions?

  35. Digital Guardian’s Next Webinar: “Understanding and Implementing Data Security in Office 365”, April 19 @ 2:00 PM ET. Speakers: • Patrick Hevesi – Research Director - Gartner • Bill Bradley – Director Product Marketing - Digital Guardian. Watch this webcast to learn: • Can I trust Microsoft and Office 365? • How can I secure my enterprise data in Office 365? • Is DLP in Office 365 good enough? • What 3rd party solutions can help secure Office 365?
